joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

AdFind -sslinfo

by @ 9:06 pm on 5/10/2017.
Filed under general, tech

One of the new switches I have added to AdFind V01.50.00 is the -sslinfo switch.

This is some functionality I have long wanted to have in AdFind because getting info about the certs the Domain Controllers (or ADLDS) are presenting can be very useful information, especially for troubleshooting. That being said, this switch should probably still have the BETA tag on it because it isn’t fully integrated into the rest of AdFind. That means you won’t be able to ask for just specific attributes that it outputs for the certs or get the info in CSV format or do ANY of the output manipulation that you can do with most things. You will also notice the normal server info header info isn’t there either.

I do intend to fix it and make it work in the normal way. The reason it is done this way is because it was a last-minute add because I needed it (which is why AdFind and 90% of its functionality was produced anyway) and it is outside the normal LDAP data stream flow so is outside of the space where I have all of the searching/formatting functionality.

If you haven’t checked it out, though, it is pretty cool.

[Wed 05/10/2017 20:59:31.16]
E:\issues\OU_DC>adfind -hh k16tst-dc1.k16tst.test.loc -sslinfo

AdFind V01.50.00cpp Joe Richards (support@joeware.net) May 2017

dn:CN=Certificate Info,CN=k16tst-dc1.k16tst.test.loc
>ciEncodingType: X509_ASN_ENCODING (0x01)
>ciVersion: CERT_V3 (0x02)
>ciNotBefore: 2017/04/27-09:24:40 Eastern Daylight Time
>ciNotAfter: 2018/04/27-09:24:40 Eastern Daylight Time
>ciSignatureAlgorithm: 1.2.840.113549.1.1.13
>ciIssuer: CN=CA1,DC=k16tst,DC=test,DC=loc
>ciSubject: CN=K16TST-DC1.k16tst.test.loc
>ciAltNameDNSName: K16TST-DC1.k16tst.test.loc
>ciAltNameDNSName: k16tst.test.loc
>ciAltNameDNSName: K16TST

dn:CN=SSL Connection Information,CN=k16tst-dc1.k16tst.test.loc
>ciProtocol: Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
>ciCipherAlgorithm: AES 256-bit encryption algorithm (CALG_AES_256)
>ciCipherStrength: 256 bits
>ciHashAlgorithm: 384 bit SHA hashing algorithm (CALG_SHA_384)
>ciHashStrength: 0 bits
>ciKeyExchAlgorithm: Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
>ciKeyExchStrength: 255 bits

The command completed successfully

[Wed 05/10/2017 20:59:33.33]
E:\issues\OU_DC>adfind -hh k16tst-dc2.k16tst.test.loc -sslinfo

AdFind V01.50.00cpp Joe Richards (support@joeware.net) May 2017

dn:CN=Certificate Info,CN=k16tst-dc2.k16tst.test.loc
>ciEncodingType: X509_ASN_ENCODING (0x01)
>ciVersion: CERT_V3 (0x02)
>ciNotBefore: 2017/04/08-12:15:53 Eastern Daylight Time
>ciNotAfter: 2018/04/08-12:15:53 Eastern Daylight Time
>ciSignatureAlgorithm: 1.2.840.113549.1.1.13
>ciIssuer: CN=CA1,DC=k16tst,DC=test,DC=loc
>ciSubject: CN=K16TST-DC2.k16tst.test.loc
>ciAltNameDNSName: K16TST-DC2.k16tst.test.loc

dn:CN=SSL Connection Information,CN=k16tst-dc2.k16tst.test.loc
>ciProtocol: Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
>ciCipherAlgorithm: AES 256-bit encryption algorithm (CALG_AES_256)
>ciCipherStrength: 256 bits
>ciHashAlgorithm: 384 bit SHA hashing algorithm (CALG_SHA_384)
>ciHashStrength: 0 bits
>ciKeyExchAlgorithm: Ephemeral elliptic curve Diffie-Hellman key exchange (CALG_ECDH_EPHEM)
>ciKeyExchStrength: 255 bits

The command completed successfully
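
The post says -sslinfo output cannot yet be filtered by attribute or emitted as CSV. As an added example (not part of AdFind or the original post), this Python parser reads the `dn:` / `>attr: value` layout shown above and produces one CSV row per certificate with days until ciNotAfter and whether the queried host name appears in a ciAltNameDNSName value. The function names are hypothetical, and dropping the time zone name from the timestamp is an assumption.

```python
import csv
import io
from datetime import datetime

# Sample abbreviated from the DC1 output shown in the post.
SAMPLE = """\
dn:CN=Certificate Info,CN=k16tst-dc1.k16tst.test.loc
>ciNotAfter: 2018/04/27-09:24:40 Eastern Daylight Time
>ciAltNameDNSName: K16TST-DC1.k16tst.test.loc
>ciAltNameDNSName: k16tst.test.loc
>ciAltNameDNSName: K16TST

dn:CN=SSL Connection Information,CN=k16tst-dc1.k16tst.test.loc
>ciProtocol: Transport Layer Security 1.2 client-side (SP_PROT_TLS1_2_CLIENT)
"""

def parse_sslinfo(text):
    """Return {dn: {attribute: [values]}} from 'dn:' and '>attr: value' lines."""
    records, current = {}, None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current = records.setdefault(line[3:].strip(), {})
        elif line.startswith(">") and current is not None:
            name, _, value = line[1:].partition(": ")
            current.setdefault(name, []).append(value.strip())
    return records

def cert_rows(text, now):
    """One flat row per certificate record: expiry, days left, SAN coverage."""
    rows = []
    for dn, attrs in parse_sslinfo(text).items():
        if not dn.startswith("CN=Certificate Info,CN="):
            continue
        host = dn.split(",CN=", 1)[1]
        # Assumption: the time zone name is dropped and the stamp compared as-is.
        stamp = attrs["ciNotAfter"][0].split(" ", 1)[0]
        not_after = datetime.strptime(stamp, "%Y/%m/%d-%H:%M:%S")
        sans = attrs.get("ciAltNameDNSName", [])
        rows.append({"host": host, "notAfter": not_after.isoformat(),
                     "daysLeft": (not_after - now).days,
                     "hostInSAN": host.lower() in (s.lower() for s in sans),
                     "sans": ";".join(sans)})
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Feed it the captured text of one or more `adfind -hh <server> -sslinfo` runs; a negative daysLeft means the certificate has already expired.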
